Deep Dive

How Nexion works

Nexion turns age, region, eligibility, and crypto onboarding rules into wallet-based Pass/Fail checks with signed policy receipts—plugged into your existing auth and access stack.

This page walks through the end-to-end flow, where Nexion sits in your architecture, and how platforms, developers, and users experience it day to day.

Contact Sales Go to developer docs

Architecture

Where Nexion fits in your stack

Nexion is a wallet-based policy verifier that sits alongside your identity provider, crypto wallet integrations, and permissions model.

It doesn't replace your IdP, directories, or RBAC/ABAC systems:

Your IdP (or wallet login) still creates identities and sessions
Nexion verifies whether a user currently meets a given policy at signup, sign-in, or before a sensitive flow
Your own systems continue to manage roles, balances, and business logic

In most deployments: Nexion is called as a policy step before high-risk features—not as a rip-and-replace project for your entire auth stack.

The Process

End-to-end flow

One-time, high-assurance issuance

The user completes a one-time eKYC check in the Nexion wallet: document authenticity (including NFC where available), biometric face match, and liveness checks are performed by vetted providers.

Once complete, the wallet receives a verifiable credential that encapsulates statements such as "over 18", "resident of country X", or "meets your onboarding policy for product Y". Raw ID images and full identity fields stay in the wallet, not in your systems.

Policy check during sign-in or access

Your site or app asks the wallet to prove a specific rule—such as "user is over the required age, in an allowed region, and not restricted from trading". The wallet evaluates that policy on-device against the credential.

It then creates a verifier-bound presentation using OID4VP (OpenID for Verifiable Presentations). Your backend validates that presentation and records a Pass/Fail decision plus a policy receipt suitable for audit logs.

Reuse and keep rules current

On return visits, a passkey lets the user prove they are the same person on the same device. The wallet re-evaluates your current policies, so access always reflects the latest rules and jurisdictions.

Your logs keep policy outcomes and receipts, not raw identity data. If policies change, you update them once in Nexion; the wallet applies them on-device at the next check.

Experience

User journey

What users do

1
Set up the wallet once with their ID and selfie
2
Receive a credential (for example, "over 18 + residency" or "passed your crypto KYC policy")
3
Sign in with a passkey instead of a password on supported devices
4
Have policies checked automatically whenever they access sensitive or regulated flows

From the wallet, users can see where their credential was used and revoke a device if it is lost.

What your product does

Redirect new users once to complete wallet issuance when they hit a gated flow
Request policy proofs from the wallet at sign-up, sign-in, or before sensitive actions (for example, a first trade or high-risk feature)
Consume Pass/Fail outcomes and policy receipts in your existing logging and decisioning pipelines
Optionally show users why access was blocked (for example, "region not allowed" or "limit exceeded")

Integration

Developer experience

Nexion is designed to feel like any other well-documented infrastructure dependency: SDKs for major platforms, clear APIs for policies and receipts, and simple JSON objects that drop into your existing observability and risk stack.

SDKs and quickstarts

Client SDKs and quickstarts for Web, iOS, and Android
Server libraries and examples for common stacks used by both web2 and web3 teams
Test sandboxes that simulate issuance and policy checks without hitting production providers

What you integrate

Policy APIs instead of hand-rolled rules in every product, exchange, or dApp
Callbacks and webhooks that notify your backend of decisions and receipts
Receipts exposed as simple JSON objects, ready for logging, analytics, and case management

For detailed integration examples and code snippets, see the Developers section.

Use Cases

Example flows

18+ age gate for mature content

1
User hits a mature content route
2
Your backend sees no age credential and prompts issuance in the wallet
3
Wallet performs one-time eKYC and stores "over 18" plus residency
4
On return, your app calls Nexion to check age >= 18 && residency in allowed_regions
5
You log the Pass/Fail decision and the policy receipt; content is shown or blocked accordingly

Region-gated feature for specific countries

1
User attempts to access a feature only available in certain countries
2
Your backend requests proof that residency in allowed_countries from the wallet
3
The wallet evaluates the rule locally and returns a Pass/Fail decision plus a signed receipt
4
Your service enforces the result, and your logs retain the receipt as evidence of the check

Crypto onboarding and trading limits

1
User starts onboarding to a crypto platform or exchange
2
Nexion issues a credential after your chosen KYC/KYB checks complete
3
Before a first trade or higher-risk product, you call Nexion with a policy like eligible_for_product("derivatives")
4
You log Pass/Fail plus the policy receipt alongside your trade and risk data

FAQ

Flow & integration FAQ

What changes in our login and access flows?

You add a policy step before sensitive flows. For a new user, that means redirecting them to complete issuance in the wallet once. For returning users, it means a passkey sign-in and background policy checks, with decisions and receipts flowing into your logs. You keep your existing identity provider, sessions, and permissions model; Nexion handles the policy proof.

Does Nexion replace our identity provider or crypto wallet?

No. Nexion complements them. Your IdP or crypto wallet continues to manage identities and sessions; Nexion verifies whether a given identity currently meets your policies (such as age, region, eligibility, or KYC status) and issues receipts you can reuse across audits and products.

Where do we handle fine-grained permissions?

Fine-grained permissions, entitlements, and trading rules remain in your own systems. Nexion handles the "Are they allowed to be here at all?" questions—such as legal age, jurisdiction, KYC status, or eligibility—while your product logic and RBAC/ABAC handle what the user can do once inside.

Have a flow that doesn't fit neatly into these patterns? Talk to us and we'll map your policies onto the model.

How Nexion works

Nexion turns age, region, eligibility, and crypto onboarding rules into wallet-based Pass/Fail checks with signed policy receipts—plugged into your existing auth and access stack.

This page walks through the end-to-end flow, where Nexion sits in your architecture, and how platforms, developers, and users experience it day to day.